The CFPB’s source code policy: open and shared
The Consumer Financial Protection Bureau was fortunate to be born in the digital era. We’ve been able to rethink many of the practices that make financial products confusing to consumers and certain regulations burdensome for businesses. We’ve also been able to launch the CFPB with a state-of-the-art technical infrastructure that’s more stable and more cost-effective than an equivalent system was just ten years ago.
Many of the things we’re doing are new to government, which has made them difficult to achieve. But the hard part lies ahead. While our current technology is great, those of us on the CFPB’s Technology & Innovation team will have failed if we’re still using the same tools 10 years from now. Our goal is not to tie the Bureau to 2012’s technology, but to create something that stays modern and relevant – no matter the year.
Good internal technology policies can help, especially the policy that governs our use of software source code. We are unveiling that policy today.
Source code is the set of instructions that tells software how to work. This is distinct from data, which is the content that a user inputs into the software. Unlike data, most users never see software source code; it works behind the scenes while the users interact with their data through a more intuitive, human-friendly interface.
Some software lets users modify its source code, so that they can tweak the code to achieve their own goals if the software doesn’t specifically do what users want. Source code that can be freely modified and redistributed is known as “open-source software,” and it has been instrumental to the CFPB’s innovation efforts for a few reasons:
It is usually very easy to acquire, as there are no ongoing licensing fees. Just pay once, and the product is yours. It keeps our data open. If we decide one day to move our web site to another platform, we don’t have to worry about whether the current platform is going to keep us from exporting all of our data. (Only some proprietary software keeps its data open, but all open source software does so.) It lets us use tailor-made tools without having to build those tools from scratch. This lets us do things that nobody else has ever done, and do them quickly.Until recently, the federal government was hesitant to adopt open-source software due to a perceived ambiguity around its legal status as a commercial good. In 2009, however, the Department of Defense made it clear that open-source software products are on equal footing with their proprietary counterparts.
We agree, and the first section of our source code policy is unequivocal: We use open-source software, and we do so because it helps us fulfill our mission.
Open-source software works because it enables people from around the world to share their contributions with each other. The CFPB has benefited tremendously from other people’s efforts, so it’s only right that we give back to the community by sharing our work with others.
This brings us to the second part of our policy: When we build our own software or contract with a third party to build it for us, we will share the code with the public at no charge. Exceptions will be made when source code exposes sensitive details that would put the Bureau at risk for security breaches; but we believe that, in general, hiding source code does not make the software safer.
We’re sharing our code for a few reasons:
First, it is the right thing to do: the Bureau will use public dollars to create the source code, so the public should have access to that creation. Second, it gives the public a window into how a government agency conducts its business. Our job is to protect consumers and to regulate financial institutions, and every citizen deserves to know exactly how we perform those missions. Third, code sharing makes our products better. By letting the development community propose modifications, our software will become more stable, more secure, and more powerful with less time and expense from our team. Sharing our code positions us to maintain a technological pace that would otherwise be impossible for a government agency.The CFPB is serious about building great technology. This policy will not necessarily make that an easy job, but it will make the goal achievable.
Our policy is available in three formats: HTML, for easy access; PDF, for good presentation; and as a GitHub Gist, which will make it easy for other organizations to adopt a similar policy and will allow the public to easily track any revisions we make to the policy.
If you’re a coder, keep an eye on our GitHub account. We’ll be releasing code for a few projects in the coming weeks.